Fork me on GitHub

Culture and Org.: Information security targets are communicated

Risk and Opportunity

Risk: Employees don't known their organisation security targets. Therefore security is not considered during development and administration as much as it should be.
Opportunity: Transparent and timely communication of the security targets by senior management is essential to ensure teams' buy-in and support.

Exploit details

Usefullness: High
Required knowledge: Very Low (one discipline)
Required time: Very Low
Required resources (systems): Very Low

OWASP SAMM 1 Mapping: SM1-B
ISO27001:2017 Controls Mapping: